authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2023-08-25 13:54:47 +0200
committersarthurdev <965089+sarthurdev@users.noreply.github.com>2023-08-25 16:51:49 +0200
commitb6f742716da5f89c7f3f3501220e0f3ae1df45d8 (patch)
treeadf25225d76d2a65c6c5ba34e1a39ff40b511013 /data
parentd62f8ed1e3608d82e3e4fb7566817839023aa39c (diff)
interface: T3509: Add per-interface IPv6 source validation
Diffstat (limited to 'data')
-rw-r--r--data/templates/firewall/nftables.j24
-rw-r--r--data/vyos-firewall-init.conf4
2 files changed, 6 insertions, 2 deletions
diff --git a/data/templates/firewall/nftables.j2 b/data/templates/firewall/nftables.j2
index d889a505d..84af0449a 100644
--- a/data/templates/firewall/nftables.j2
+++ b/data/templates/firewall/nftables.j2
@@ -3,9 +3,9 @@
{% import 'firewall/nftables-defines.j2' as group_tmpl %}
{% if first_install is not vyos_defined %}
-delete table inet vyos_rpfilter
+delete table inet vyos_global_rpfilter
{% endif %}
-table inet vyos_rpfilter {
+table inet vyos_global_rpfilter {
chain PREROUTING {
type filter hook prerouting priority -300; policy accept;
{% if global_options.source_validation is vyos_defined('loose') %}
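Review bot: The renamed `delete table inet vyos_global_rpfilter` no longer touches a table called `vyos_rpfilter`, so if a ruleset generated before this change is still loaded, the old `inet vyos_rpfilter` table would apparently stay in the kernel and keep applying its source-validation rules next to the new one. The delete is also not idempotent: with `first_install` unset and no `vyos_global_rpfilter` table loaded yet, the whole `nft -f` transaction can be rejected. Whether either case is reachable depends on how `first_install` is computed, which is outside this diff (it is limited to `data`). One way to make both cases safe is the declare-then-delete idiom for each name, `table inet vyos_rpfilter` followed by `delete table inet vyos_rpfilter`, and the same pair for `vyos_global_rpfilter`. A template comment such as `{# renamed from vyos_rpfilter; that name is now a chain in table ip6 raw #}` would also explain why the name reappears in `vyos-firewall-init.conf`.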
diff --git a/data/vyos-firewall-init.conf b/data/vyos-firewall-init.conf
index 36d92fe93..ab25ab4bd 100644
--- a/data/vyos-firewall-init.conf
+++ b/data/vyos-firewall-init.conf
@@ -82,6 +82,10 @@ table ip6 raw {
type filter hook forward priority -300; policy accept;
}
+ chain vyos_rpfilter {
+ type filter hook prerouting priority -300; policy accept;
+ }
+
chain PREROUTING {
type filter hook prerouting priority -300; policy accept;
counter jump VYOS_CT_PREROUTING_HOOK
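Review bot: The new base chain `vyos_rpfilter` registers on the prerouting hook at priority -300, the same hook and priority as the existing `PREROUTING` chain in `table ip6 raw`, so nothing in this file pins which of the two runs first. If spoofed-source packets are meant to be dropped before `counter jump VYOS_CT_PREROUTING_HOOK` counts or processes them, a distinct priority would make that explicit, for example `type filter hook prerouting priority -301; policy accept;` (the value needs checking against the other hooks in use). The chain is empty with `policy accept`, so it validates nothing until rules are added elsewhere; a comment like `# filled per interface by IPv6 source validation; empty = no validation` would say so. The enclosing `table ip6 raw` block starts and ends outside the hunk.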